TECHNICAL FIELD
[0001] This disclosure relates to methods of identifying an egress point to a network location.
BACKGROUND
[0002] In general, autonomous systems (AS) having networks under a common administrator
may share a common routing policy for communication therebetween, such as border gateway
protocol (BGP). Within each autonomous system, the routing protocol typically entails
an interior gateway protocol (IGP), such as a link state protocol.
[0003] Link state protocol generally relies on a routing algorithm executed at each network
node. Each node on the network advertises, throughout the network, links to neighboring
nodes and provides a cost associated with each link, which can be based on any appropriate
metric such as link bandwidth or delay and is typically expressed as an integer value.
A link may have an asymmetric cost, that is, the cost in a first direction along a
link may be different from the cost in a second, reverse direction. Based on the advertised
information in the form of a link state packet (LSP) each node constructs a link state
database (LSDB), which is a map of the entire network topology, and from that constructs
generally a single route to each available node based on an appropriate algorithm
such as a shortest path first (SPF) algorithm. As a result, a spanning tree is constructed,
rooted at the node and showing a communication path including intermediate nodes to
each available destination node.
[0004] The results of the spanning tree can be stored in a routing information base (RIB)
and based on these results the forwarding information base (FIB) or forwarding table
is updated to control forwarding of packets appropriately. When there is a network
change, a link state packet representing the change is flooded through the network
by each node adjacent to the change; each node receiving the link state packet sends
it to each adjacent node. As a result, when a data packet for a destination node arrives
at a node the node identifies a route to that destination and forwards the packet
to the next node along that route. The next node repeats this step and so forth.
[0005] US2009092140 discloses a method and apparatus for providing a hierarchical structure for routing
over packet networks. The method first receives one or more packets from at least
one customer endpoint device with a Customer Edge (CE) functionality, wherein said
one or more packets are destined for a destination node. The method locates a route
for routing said one or more packets by consulting an interface specific routing table.
The method then forwards said one or more packets towards said destination node using
said route.
[0006] US2011128969 discloses a network which utilizes centralized control for the transport of a packet
flow to a destination via an intermediary network. The network identifies the intermediary
network best suited for offloading the packet flow and then develops a routing policy
based on Multiprotocol Label Switching or other circuit-switching type techniques.
This ensures that the packets of the packet flow are automatically forwarded to a
peering router connected to the identified intermediary network, and ensures that
the peering router automatically outputs the packets of the packet flow to the identified
intermediary network in a manner that bypasses autonomous routing decisions by the
routers of the network.
SUMMARY
[0007] In computer networks, such as the Internet, a network of links (i.e., communication
paths) and nodes, such as routers directing packets of data along one or more connected
links, send packets of data from a source to a destination according to one or more
routing protocols. A unique internet protocol (IP) address typically identifies elements
in the network. In a relatively large provider network, multiple egress points may
advertise a route to a specific destination. A default routing policy out of the provider
network to that destination may include selecting only one egress point (assuming
no load-balancing) based on network policies for routing egress traffic. Since many
networks fail to accept advertisements of fewer than 256 IP addresses in a block, an egress
point may be chosen that is less efficient than another egress point to the same destination.
The present disclosure provides a network system that can route egress traffic to
part of a prefix, including individual IP addresses of that prefix. This allows selection
of an efficient egress point for binding of a particular client connection. The present
invention is defined in the appended independent claims to which reference should
be made. Advantageous features are set out in the appended dependent claims.
DESCRIPTION OF DRAWINGS
[0008]
FIG. 1 is a schematic view of an exemplary network system.
FIG. 2 is a schematic view of an exemplary network system capable of directing data
traffic to an internet protocol address and/or a subnetwork.
FIG. 3 is a schematic view of an internet protocol address.
FIG. 4 is a schematic view of an exemplary egress data source.
FIG. 5 is a schematic view of an exemplary network system.
FIG. 6 provides an exemplary arrangement of operations for a method of identifying
an egress point to a network location.
[0009] Like reference symbols in the various drawings indicate like elements.
DETAILED DESCRIPTION
[0010] Referring to FIG. 1, in some implementations, a network system 10 may include an external
network 100, such as the Internet or a portion thereof, in communication with a provider
network 200. The network system 10 may include a network of communication paths 20
(also referred to as links or connections) and nodes 30 (e.g., routers directing packets
of data along one or more connected links) that send packets 40 of data from a source
50a to a destination 50b according to one or more routing protocols. A unique internet
protocol (IP) address typically identifies a link 20 or a node 30 in the network system
10. The provider network 200 may provide access to and/or direct traffic about the
external network 100.
[0011] One possible routing protocol for the network system 10 and/or the external network
100 is border gateway protocol (BGP). Border gateway protocol routes data between
autonomous systems (AS) having networks under a common administrator and sharing a
common routing policy. Routers adhering to border gateway protocol generally exchange
full routing information during a connection session, for example, using transmission
control protocol (TCP), allowing inter-autonomous system routing. The information
exchanged may include various attributes including a next-hop attribute. For example,
where a BGP router advertises a connection to a network in a form of an IP address
prefix, the next-hop attribute includes the IP address used to reach the BGP router.
Within each autonomous system the routing protocol typically includes an interior
gateway protocol (IGP) that may include a link state protocol such as open shortest
path first (OSPF) or intermediate system-intermediate system (IS-IS).
[0012] The provider network 200 includes a connection manager 210 that may route data packets
40 received from sources 50a to corresponding destinations 50b. The connection manager
210 may execute on at least one computing device 212, such as a server, in communication
with the external network 100. Moreover, the connection manager 210 may reside on
the provider network 200. When the connection manager 210 receives a client connection
22 from a source 50a (e.g., a client of the external network 100), the connection
manager 210 may determine an egress point 202 of the provider network 200 for binding
with the client connection 22 to send data packets 40 received from the source 50a
to the corresponding destination 50b. In some implementations, rather than relying
on the default network routing protocol to determine an egress point 202 for data
packets 40 of the client connection 22, the connection manager 210 can choose a specific
communication path 20 to the destination 50b. This allows the connection manager 210
to use a pre-selected communication path 20 that may differ from a communication path
20 chosen by the default network routing protocol. As a result, certain high value
traffic can be directed along certain communication paths 20 using the egress points
stored in the egress data source 220. Moreover, rather than relying on a link state
database (LSDB) stored at an egress point router (for link state protocol scenarios)
for all or any data traffic, the connection manager 210 can execute on a separate
computing device, such as a server, having relatively greater computer processing
and memory capabilities.
[0013] The egress point 202 may include one or more egress routers 204. Routers 204 generally
provide logical or physical borders between subnets 306 and manage traffic between
the subnets 306. Each subnet 306 can be served by a designated default router, but
may include multiple physical Ethernet segments interconnected by network switches
or network bridges.
[0014] FIG. 3 illustrates an exemplary IP address 300. IP networks can be divided into subnetworks
in both IPv4 and IPv6. For this purpose, an IP address 300 generally has two parts:
a network prefix 302 and a host identifier 304, or interface identifier (IPv6). For
IPv4, a subnet mask may be used to divide the IP address 300 into a subnetwork 306
portion and the host identifier 304.
[0015] A subnetwork 306, or subnet, is generally a subdivision of an IP network. Subnetting
can be the process of designating some high-order bits from the host identifier 304
of the IP address 300 and grouping them with a network mask to form a subnet mask.
This divides the IP network into smaller subnetworks 306. All computing devices belonging
to a subnetwork 306 can be addressed with a common, identical, most-significant bit-group
in their IP addresses 300.
[0016] Referring again to FIG. 2, multiple egress points 202 can advertise a communication
path 20 (e.g., a link) to a specific destination 50b. Moreover, in some instances,
the connection manager 210 may accept advertisements only in blocks of IP addresses
300. A routing policy for routing egress traffic may cause the connection manager
210 to choose only one egress point 202 (assuming no load-balancing) for directing
data packets 40 out of the provider network 200 to a prefix 302 of that destination
50b, even though multiple valid egress points 202 may exist. For example, one egress
point 202 may have relatively low latency for sending data packets 40 to a first set
of IP addresses 300, while another egress point 202 may have relatively low latency
for sending data packets 40 to a second set of IP addresses 300.
[0017] Referring to FIGS. 2-4, in some implementations, the provider network 200 routes
egress traffic to part of a prefix 302, i.e., a subnetwork 306, including individual
IP addresses 300 of that prefix 302. This allows selection of an efficient egress
point 202 for binding of a particular client connection 22.
[0018] In some implementations, the connection manager 210 communicates with an egress data
source 220 to select an egress point 202 for binding with a received client connection
22, rather than relying solely on natural network routing. The egress data source
220 stores egress point identifiers 402 of corresponding egress points 202, which
are associated with internet protocol (IP) addresses 300 and/or subnetworks 306. Each
egress point 202 may be associated (via its egress point identifier) with one or more
IP addresses 300 and/or subnetworks 306. The associations can be determined based
on at least one performance factor 404, such as latency PCm-1, bandwidth PCm-2, cost
PCm-3, and/or usage PCm-4. Moreover, the egress data source 220 may store at least
one performance factor 404 for association with at least one egress point 202. The
connection manager 210 may query the egress data source 220 by IP address 300, subnetwork
306 and/or performance factor 404. For example, the connection manager 210 may query
the egress data source 220 for an egress point identifier 402 corresponding to an
egress point 202 satisfying a performance criteria 404 that includes a threshold latency
PCm-1, a threshold bandwidth PCm-2, a threshold cost PCm-3, and/or a threshold usage
PCm-4.
[0019] FIG. 4 illustrates an exemplary relationship model 400 providing a possible one-to-many
relationship between egress points 202, each having an egress point identifier 402
(e.g., unique identifiers), and IP addresses 300, subnetworks 306, and/or performance
factors 404. The egress data source 220 may be a relational database, allowing flexible
management and storage of information associated with the egress points 202.
[0020] Referring again to FIG. 2, the connection manager 210 communicates with a tunnel
manager 230 for routing data packets 40 from the client connection 22 to the destination
50b. The tunnel manager 230 may instantiate network tunnels 232 of the provider network
200, for example, for each egress point 202 having a corresponding egress point identifier
402 stored by the egress data source 220. In some implementations, the tunnel manager
230 instantiates network tunnels 232 only for egress points 202 that would not be
selected naturally by the default network routing protocol. Natural egress points
202a, those normally chosen by the network routing protocol, may not need network
tunnels 232, since data packets 40 can move to those egress points 202a under the
normal (default) routing protocol. On the other hand, pre-selected egress points 202b,
such as those stored in the egress data source 220, need network tunnels 232 to direct
data packets 40 to those locations against the normal routing protocol. As such, in
some examples, the tunnel manager 230 may establish network tunnels 232 only for egress
points 202, 202b specified by the egress data source 220.
[0021] When the connection manager 210 receives a client connection 22 from the external
network 100, the connection manager 210 may retrieve an egress point identifier 402
from the egress data source 220 based on the IP address 300 and/or the subnetwork
306 of the corresponding destination 50b of the client connection 22. The connection
manager 210 binds the client connection 22 to an egress point 202 corresponding to
the retrieved egress point identifier 402. The connection manager 210 encapsulates
packets 40 of data received from the client connection 22 and sends the encapsulated
data packets 40a through an instantiated network tunnel 232 for the bound egress point
202. The connection manager 210 may use multi-protocol label switching (MPLS), generic
routing encapsulation (GRE), or a virtual local area network (VLAN), for example,
to encapsulate the data packets 40 and send the encapsulated data packets 40a across
the provider network 200 to the bound egress point 202. MPLS directs data from one
network node 30 to the next based on short path labels rather than long network addresses,
avoiding complex lookups in a routing table.
[0022] When individual data packets 40 need binding to a specific egress point 202, the
connection manager 210 may support delayed binding and migration of in-process flows
between egress points 202. In some examples, the connection manager 210 executes an
input/output control request on an existing socket to have a kernel start encapsulating
data packets 40 sent through that socket to the bound egress point 202.
[0023] In some implementations, a decapsulator 240 terminates the tunnelled traffic at the
egress point 202. The decapsulator 240 decapsulates encapsulated data packets 40a
sent by the connection manager 210 through a network tunnel 232 to the bound egress
point 202. The decapsulated data packets 40 are forwarded in the provider network
200 following natural network routing to the egress point 202. Each decapsulator 240
may advertise a tunnel endpoint 234 (e.g., associated with an egress point 202). The
tunnel manager 230 may configure the decapsulator 240 associated with each received
tunnel endpoint advertisement 234 to terminate encapsulated data packets 40a received
through a network tunnel 232. In some examples, the decapsulator 240 is part of a
network node 30 (e.g., a router), while in other examples, the decapsulator 240 is
a specialized component communicating with the tunnel manager 230 and/or the egress
point 202. The provider network 200 may include multiple decapsulators 240, each of
which may be associated with multiple network tunnels 232 aggregated by groups of
servers in a given location. A single network tunnel 232 can be used by several servers
to communicate with many clients on various external networks 100.
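As an added illustration of the encapsulation in paragraph [0021] and its termination at the decapsulator 240 (not code from the disclosure), the following sketch wraps a packet in GRE and unwraps it again. Carrying the tunnel identifier in the GRE key field, the sample addresses, and the decapsulator's source and key checks are assumptions of this example.

```python
import ipaddress
import struct

GRE_PROTO = 47             # IPv4 protocol number assigned to GRE
GRE_KEY_PRESENT = 0x2000   # K bit set, version 0, no checksum or sequence number
ETHERTYPE_IPV4 = 0x0800    # GRE protocol type for an IPv4 payload
IPV4_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum; evaluates to 0 over a header that is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    fields = [0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def encapsulate(inner: bytes, manager_ip: str, endpoint_ip: str, tunnel_id: int) -> bytes:
    """Connection manager side: outer IPv4 + GRE (with key) around the inner packet."""
    gre = struct.pack("!HHI", GRE_KEY_PRESENT, ETHERTYPE_IPV4, tunnel_id)
    outer = ipv4_header(manager_ip, endpoint_ip, GRE_PROTO, len(gre) + len(inner))
    return outer + gre + inner


def decapsulate(packet: bytes, allowed_sources: set, tunnel_id: int) -> bytes:
    """Decapsulator side: validate the outer headers, then return the inner packet.

    The source check only helps where the provider network already drops
    packets that spoof internal addresses at its edge.
    """
    if len(packet) < 28:
        raise ValueError("truncated: no room for outer IPv4 and GRE headers")
    ver_ihl, _, total_len, _, _, _, proto, _, src, _ = struct.unpack(IPV4_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl + 8:
        raise ValueError("malformed outer IPv4 header")
    if total_len != len(packet):
        raise ValueError("outer length field disagrees with packet size")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("outer header checksum mismatch")
    if proto != GRE_PROTO:
        raise ValueError("outer protocol is not GRE")
    if str(ipaddress.IPv4Address(src)) not in allowed_sources:
        raise ValueError("outer source is not a known connection manager")
    flags, ptype, key = struct.unpack("!HHI", packet[ihl:ihl + 8])
    if flags != GRE_KEY_PRESENT or ptype != ETHERTYPE_IPV4:
        raise ValueError("unexpected GRE flags or payload type")
    if key != tunnel_id:
        raise ValueError("GRE key does not match this tunnel")
    return packet[ihl + 8:]


# Constructed sample values (documentation address ranges, hypothetical tunnel id).
MANAGER_IP = "192.0.2.1"       # connection manager 210
ENDPOINT_IP = "198.51.100.1"   # tunnel endpoint 234 advertised by the decapsulator
TUNNEL_ID = 102
PAYLOAD = b"constructed payload"
INNER = ipv4_header("192.0.2.1", "203.0.113.130", 6, len(PAYLOAD)) + PAYLOAD

if __name__ == "__main__":
    wire = encapsulate(INNER, MANAGER_IP, ENDPOINT_IP, TUNNEL_ID)
    print(len(wire), decapsulate(wire, {MANAGER_IP}, TUNNEL_ID) == INNER)
```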
[0024] In some examples, the provider network 200 does not need to send the encapsulated
data packets 40a completely to the bound egress point 202. Instead, the encapsulated
data packets 40a may simply reach a threshold distance near the egress point 202,
where natural network routing directs the encapsulated data packets 40a to a particular
egress point 202 or a particular router 204 at the egress point 202.
[0025] The tunnel manager 230 may receive tunnel end point advertisements from decapsulators
240 associated with the egress points 202 and instantiate network tunnels 232 to
each egress point 202. Moreover, the tunnel manager 230 may provide tunnel information
to the connection manager 210, which may use the tunnel information for encapsulating
the data packets 40. In some examples, the tunnel information includes a tunnel identifier,
a tunnel type, and/or an egress point identifier for an associated network tunnel
232. When the connection manager 210 sends encapsulated data packets 40a through a
network tunnel 232, the tunnel manager 230 or the connection manager 210 may monitor
the network tunnel 232 to verify delivery of the encapsulated data packets 40a. An
inner header of the encapsulated data packets 40a may have a destination IP address
300 for a monitoring object, such as an IP address 300 for the tunnel manager 230
or the connection manager 210, allowing the monitoring object to check on the movement
of the encapsulated data packets 40a and verify delivery of the encapsulated data packets
40a through the network tunnel 232 to the egress point 202.
[0026] Referring to FIGS. 2 and 5, in some implementations, the tunnel manager 230 queries
the egress data source 220 for IP subnets 306 and/or IP addresses 300 and their associated
egress points 202. The tunnel manager 230 may solicit advertisements from the queried
egress points 202 (e.g., of corresponding network tunnel end points 234) and then
instantiate a network tunnel 232 to each egress point 202. The tunnel manager 230
may communicate tunnel information 236 to the connection manager 210, such as a network
tunnel identifier 236a, a tunnel type 236b, corresponding egress point identifier
402, encapsulation and/or label information, etc.
[0027] When the connection manager 210 receives a client connection 22 from a source 50a
(e.g., a client) on an external network 100, the connection manager 210 queries the
egress data source 220 for an egress point 202 corresponding to a destination 50b
of the client connection 22. If the egress data source 220 does not have any egress
points 202 associated with the destination 50b (e.g., returns an empty recordset for
the query), the connection manager 210 may respond to the source 50a using natural
network routing. In this case, the data packets 40 move through the provider network
200 using natural network routing to a natural egress point 202a, which may be less
efficient than a pre-selected egress point 202b stored in the egress data source 220
and associated with that destination 50b.
[0028] If the egress data source 220 returns an egress point identifier 402 to a pre-selected
egress point 202b, the connection manager 210 may cross-reference the egress point
identifier 402 with the tunnel information received from the tunnel manager 230 for
identifying the appropriate encapsulation/label information. The connection manager
210 encapsulates the data packets 40 received from the source 50a and sends the encapsulated
data packets 40a into the provider network 200 through an instantiated network tunnel
232 to the decapsulator 240 associated with the egress point 202. The decapsulator
240 decapsulates the encapsulated data packets 40a and forwards the data packets 40
into the provider network 200 at least near the pre-selected egress point 202b, where
natural network routing can guide the data packets to the pre-selected egress point
202b.
[0029] In some implementations, a first percentage of data flows to various destinations
50b are not encapsulated and are allowed to egress naturally, according to the default
network routing protocol. These destinations 50b do not have associated egress points
202 stored in the egress data source 220. Meanwhile, a second percentage of data flows
on the provider network 200 (such as high value flows) having destinations 50b accounted
for in the egress data source 220 may be encapsulated for travel through a network
tunnel 232 to a pre-selected egress point 202b. If a pre-selected egress point 202b
ceases to exist, the data may flow using the default network routing protocol.
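The lookup and fallback described in paragraphs [0018] and [0027] to [0029] can be sketched as follows; this is an added example, not code from the disclosure. The record fields, the most-specific-prefix ordering, the skipping of egress points without a live tunnel, and all sample addresses and identifiers are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

net = ipaddress.ip_network


@dataclass(frozen=True)
class EgressRecord:
    """One row of the egress data source 220."""
    network: object        # subnetwork 306, or a /32 for a single IP address 300
    egress_id: str         # egress point identifier 402
    latency_ms: float      # performance factors 404
    bandwidth_mbps: float
    cost: float
    usage: float           # fraction of capacity in use, 0..1


@dataclass(frozen=True)
class TunnelInfo:
    """Tunnel information 236 handed over by the tunnel manager 230."""
    tunnel_id: int
    tunnel_type: str
    egress_id: str


@dataclass(frozen=True)
class Binding:
    egress_id: Optional[str]       # None means no pre-selected egress point
    tunnel: Optional[TunnelInfo]
    routing: str                   # "pre-selected" or "natural"


class EgressDataSource:
    def __init__(self, records: Iterable[EgressRecord]):
        self._records = list(records)

    def query(self, destination: str, max_latency_ms=None, min_bandwidth_mbps=None,
              max_cost=None, max_usage=None) -> List[EgressRecord]:
        """Return matching records; an empty list plays the role of an empty recordset."""
        addr = ipaddress.ip_address(destination)
        hits = []
        for r in self._records:
            if addr not in r.network:
                continue
            if max_latency_ms is not None and r.latency_ms > max_latency_ms:
                continue
            if min_bandwidth_mbps is not None and r.bandwidth_mbps < min_bandwidth_mbps:
                continue
            if max_cost is not None and r.cost > max_cost:
                continue
            if max_usage is not None and r.usage > max_usage:
                continue
            hits.append(r)
        # Assumption: the most specific prefix wins, ties broken by lower latency.
        hits.sort(key=lambda r: (-r.network.prefixlen, r.latency_ms))
        return hits


def bind_connection(destination: str, source: EgressDataSource,
                    tunnels: Dict[str, TunnelInfo], **criteria) -> Binding:
    """Connection manager 210: pick a pre-selected egress point or fall back."""
    for rec in source.query(destination, **criteria):
        tunnel = tunnels.get(rec.egress_id)
        if tunnel is not None:          # cross-reference with tunnel information
            return Binding(rec.egress_id, tunnel, "pre-selected")
        # No instantiated tunnel (e.g. the egress point ceased to exist): try the next.
    return Binding(None, None, "natural")


# Constructed sample data: one /24 with a more specific /25 and /32 inside it.
SOURCE = EgressDataSource([
    EgressRecord(net("203.0.113.0/24"), "egress-a", 40.0, 1000.0, 1.0, 0.5),
    EgressRecord(net("203.0.113.128/25"), "egress-b", 12.0, 400.0, 2.0, 0.3),
    EgressRecord(net("203.0.113.200/32"), "egress-c", 5.0, 100.0, 3.0, 0.9),
])
# egress-c has no tunnel, standing in for an egress point that no longer exists.
TUNNELS = {
    "egress-a": TunnelInfo(101, "gre", "egress-a"),
    "egress-b": TunnelInfo(102, "mpls", "egress-b"),
}

if __name__ == "__main__":
    for dst in ("203.0.113.10", "203.0.113.130", "203.0.113.200", "198.51.100.7"):
        print(dst, bind_connection(dst, SOURCE, TUNNELS))
```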
[0030] FIG. 6 provides an exemplary arrangement 600 of operations for a method of identifying
an egress point 202 to a network location. The method includes receiving 602 a client
connection 22 from an external network 100 and retrieving 604 an egress point identifier
402 from the egress data source 220 for the received client connection 22. The egress
data source 220 may store egress point identifiers 402 associated with at least one
of an IP address 300 and a subnetwork 306. The method further includes binding 606
the client connection 22 to an egress point 202 corresponding to the retrieved egress
point identifier 402. The method includes encapsulating 608 data packets 40 received
from the client connection 22, sending the encapsulated data packets 40a through an
instantiated network tunnel 232 to the bound egress point 202, and decapsulating the
encapsulated data packets 40a at least near the bound egress point 202.
[0031] In some implementations, the method includes instantiating network tunnels 232 of
the provider network 200 (e.g., via the tunnel manager 230) for each egress point
202 having a corresponding egress point identifier 402 stored by the egress data source
220. In some examples, this includes receiving an advertised tunnel endpoint 234 from
a decapsulator 240 associated with each egress point 202 and for each received tunnel
endpoint advertisement 234, instantiating a network tunnel 232 to the associated egress
point 202.
[0032] The method may include querying the egress data source 220 for an egress point identifier
402 associated with a destination 50b of the received client connection 22. The destination
50b can be an internet protocol address 300 and/or a subnetwork 306. In additional
implementations, the method includes querying the egress data source 220 for an egress
point identifier 402 corresponding to an egress point 202 satisfying a performance
criteria, which may include a threshold latency, a threshold bandwidth, a threshold
cost, and/or a threshold usage. Moreover, the method may include encapsulating the
data packets 40 with tunnel label information received from the tunnel manager 230,
such as a network tunnel identifier, a tunnel type, and/or an egress point identifier
402.
[0033] When the egress data source 220 fails to provide an egress point identifier 402 for
the received client connection 22, the method may include sending the data packets
40 received from the client connection 22 according to a default network routing protocol.
The default network routing protocol can route the data packets 40 to another egress
point 202 for delivery to the destination 50b.
[0034] Various implementations of the systems and techniques described here can be realized
in digital electronic circuitry, integrated circuitry, specially designed ASICs (application
specific integrated circuits), computer hardware, firmware, software, and/or combinations
thereof. These various implementations can include implementation in one or more computer
programs that are executable and/or interpretable on a programmable system including
at least one programmable processor, which may be special or general purpose, coupled
to receive data and instructions from, and to transmit data and instructions to, a
storage system, at least one input device, and at least one output device.
[0035] These computer programs (also known as programs, software, software applications
or code) include machine instructions for a programmable processor, and can be implemented
in a high-level procedural and/or object-oriented programming language, and/or in
assembly/machine language. As used herein, the terms "machine-readable medium" and
"computer-readable medium" refer to any computer program product, apparatus and/or
device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs))
used to provide machine instructions and/or data to a programmable processor, including
a machine-readable medium that receives machine instructions as a machine-readable
signal. The term "machine-readable signal" refers to any signal used to provide machine
instructions and/or data to a programmable processor.
[0036] Implementations of the subject matter and the functional operations described in
this specification can be implemented in digital electronic circuitry, or in computer
software, firmware, or hardware, including the structures disclosed in this specification
and their structural equivalents, or in combinations of one or more of them. Aspects
of the subject matter described in this specification can be implemented as one or
more computer program products, i.e., one or more modules of computer program instructions
encoded on a computer readable medium for execution by, or to control the operation
of, data processing apparatus. The computer readable medium can be a machine-readable
storage device, a machine-readable storage substrate, a memory device, a composition
of matter effecting a machine-readable propagated signal, or a combination of one
or more of them. The term "data processing apparatus" encompasses all apparatus, devices,
and machines for processing data, including by way of example a programmable processor,
a computer, or multiple processors or computers. The apparatus can include, in addition
to hardware, code that creates an execution environment for the computer program in
question, e.g., code that constitutes processor firmware, a protocol stack, a database
management system, an operating system, or a combination of one or more of them. A
propagated signal is an artificially generated signal, e.g., a machine-generated electrical,
optical, or electromagnetic signal, that is generated to encode information for transmission
to suitable receiver apparatus.
[0037] A computer program (also known as a program, software, software application, script,
or code) can be written in any form of programming language, including compiled or
interpreted languages, and it can be deployed in any form, including as a stand alone
program or as a module, component, subroutine, or other unit suitable for use in a
computing environment. A computer program does not necessarily correspond to a file
in a file system. A program can be stored in a portion of a file that holds other
programs or data (e.g., one or more scripts stored in a markup language document),
in a single file dedicated to the program in question, or in multiple coordinated
files (e.g., files that store one or more modules, sub programs, or portions of code).
A computer program can be deployed to be executed on one computer or on multiple computers
that are located at one site or distributed across multiple sites and interconnected
by a communication network.
[0038] The processes and logic flows described in this specification can be performed by
one or more programmable processors executing one or more computer programs to perform
functions by operating on input data and generating output. The processes and logic
flows can also be performed by, and apparatus can also be implemented as, special
purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC
(application specific integrated circuit).
[0039] Processors suitable for the execution of a computer program include, by way of example,
both general and special purpose microprocessors, and any one or more processors of
any kind of digital computer. Generally, a processor will receive instructions and
data from a read only memory or a random access memory or both. The essential elements
of a computer are a processor for performing instructions and one or more memory devices
for storing instructions and data. Generally, a computer will also include, or be
operatively coupled to receive data from or transfer data to, or both, one or more
mass storage devices for storing data, e.g., magnetic, magneto optical disks, or optical
disks. However, a computer need not have such devices. Moreover, a computer can be
embedded in another device, e.g., a mobile telephone, a personal digital assistant
(PDA), a mobile audio player, a Global Positioning System (GPS) receiver, to name
just a few. Computer readable media suitable for storing computer program instructions
and data include all forms of non volatile memory, media and memory devices, including
by way of example semiconductor memory devices, e.g., EPROM, EEPROM, and flash memory
devices; magnetic disks, e.g., internal hard disks or removable disks; magneto optical
disks; and CD ROM and DVD-ROM disks. The processor and the memory can be supplemented
by, or incorporated in, special purpose logic circuitry.
[0040] Implementations of the subject matter described in this specification can be implemented
in a computing system that includes a back end component, e.g., as a data server,
or that includes a middleware component, e.g., an application server, or that includes
a front end component, e.g., a client computer having a graphical user interface or
a Web browser through which a user can interact with an implementation of the subject
matter described in this specification, or any combination of one or more such back
end, middleware, or front end components. The components of the system can be interconnected
by any form or medium of digital data communication, e.g., a communication network.
Examples of communication networks include a local area network ("LAN") and a wide
area network ("WAN"), e.g., the Internet.
[0041] The computing system can include clients and servers. A client and server are generally
remote from each other and typically interact through a communication network. The
relationship of client and server arises by virtue of computer programs running on
the respective computers and having a client-server relationship to each other.
[0042] While this specification contains many specifics, these should not be construed as
limitations on the scope of the invention or of what may be claimed, but rather as
descriptions of features specific to particular implementations of the invention.
Certain features that are described in this specification in the context of separate
implementations can also be implemented in combination in a single implementation.
Conversely, various features that are described in the context of a single implementation
can also be implemented in multiple implementations separately or in any suitable
sub-combination. Moreover, although features may be described above as acting in certain
combinations and even initially claimed as such, one or more features from a claimed
combination can in some cases be excised from the combination, and the claimed combination
may be directed to a sub-combination or variation of a sub-combination.
[0043] Similarly, while operations are depicted in the drawings in a particular order, this
should not be understood as requiring that such operations be performed in the particular
order shown or in sequential order, or that all illustrated operations be performed,
to achieve desirable results. In certain circumstances, multi-tasking and parallel
processing may be advantageous. Moreover, the separation of various system components
in the embodiments described above should not be understood as requiring such separation
in all embodiments, and it should be understood that the described program components
and systems can generally be integrated together in a single software product or packaged
into multiple software products.
[0044] A number of implementations have been described. Nevertheless, it will be understood
that various modifications may be made without departing from the scope of the disclosure.
Accordingly, other implementations are within the scope of the following claims. For
example, the actions recited in the claims can be performed in a different order and
still achieve desirable results.
1. A method of identifying an egress point (202) to a network location, the method comprising:
receiving, at a connection manager (210), a client connection (22) from an external
network (100);
retrieving, at the connection manager (210), an egress point identifier (402) from
an egress data source (220) for the received client connection (22), the egress data
source (220) storing egress point identifiers (402) associated with at least one of
an internet protocol address (300) and a subnetwork (306);
binding, at the connection manager (210), the client connection (22) to a pre-selected
egress point (202) corresponding to the retrieved egress point identifier (402), the
pre-selected egress point (202, 202b) different from another egress point (202, 202a)
naturally selected by a default network routing protocol;
encapsulating, at the connection manager (210), packets (40) of data received from
the client connection (22);
instantiating, at the connection manager (210), a network tunnel (232) to an intermediate
egress point (30) located a threshold distance from the bound pre-selected egress
point (202, 202b);
sending, from the connection manager (210), the encapsulated data packets (40, 40a)
through the instantiated network tunnel (232) to the intermediate egress point (30);
decapsulating, at a decapsulator (240), the encapsulated data packets (40a) at least
near the intermediate egress point (30); and
after decapsulating the encapsulated data packets, routing the decapsulated data packets
(40, 40a) from the intermediate egress point (30) to the bound pre-selected egress
point (220) using the default network routing protocol.
2. The method of claim 1, further comprising instantiating network tunnels (232) of a
provider network (200) for each pre-selected egress point (202) having a corresponding
egress point identifier (402) stored by the egress data source (220).
3. The method of claim 1 or 2, further comprising:
receiving an advertised tunnel endpoint (234) from a decapsulator (240) associated
with each pre-selected egress point (202); and
for each received tunnel endpoint advertisement (234), instantiating a network tunnel
(232) to the associated pre-selected egress point (202).
4. The method of any preceding claim, further comprising:
receiving an advertised tunnel endpoint (234) from a decapsulator (240) associated
with each pre-selected egress point (202); and
for each received tunnel endpoint advertisement (234), configuring the associated
decapsulator (240) to terminate encapsulated data packets (40a) received through a
network tunnel (232).
5. The method of any preceding claim, further comprising querying the egress data source
(220) for an egress point identifier (402) associated with a destination (50b) of
the received client connection (22), the destination (50b) comprising at least one
of an internet protocol address (300) and a subnetwork (306).
6. The method of any preceding claim, further comprising querying the egress data source
(220) for an egress point identifier (402) corresponding to a pre-selected egress
point (202) satisfying a performance criteria (404), the performance criteria (404)
comprising at least one of a threshold latency (PCm-1), a threshold bandwidth (PCm-2),
a threshold cost (PCm-3), and a threshold usage (PCm-4).
7. The method of any preceding claim, further comprising encapsulating the data packets
(40) with received tunnel label information (236), the tunnel label information (236)
comprising at least one of a network tunnel identifier (236a), a tunnel type (236b),
and an egress point identifier (402).
8. The method of any preceding claim, further comprising sending the data packets (40)
received from the client connection (22) according to a default network routing protocol
when the egress data source (220) fails to provide an egress point identifier (402)
for the received client connection (22).
9. A network system comprising:
an egress data source (220) storing egress point identifiers (402) associated with
at least one of an internet protocol address (300) and a subnetwork (306);
a tunnel manager (230) instantiating network tunnels (232) of a provider network for
each pre-selected egress point (202) having a corresponding egress point identifier
(402) stored by the egress data source (220);
a connection manager (210) in communication with the egress data source (220) and
the tunnel manager, the connection manager (210) configured to:
receive a client connection (22) from an external network (100);
retrieve an egress point identifier (402) from the egress data source (220) for the
received client connection (22);
bind the client connection (22) to a pre-selected egress point (202) corresponding
to the retrieved egress point identifier (402), the pre-selected egress point different
from another egress point naturally selected by a default network routing protocol;
encapsulate packets (40) of data received from the client connection (22);
instantiate a network tunnel (232) to an intermediate egress point (30) located a
threshold distance from the bound pre-selected egress point (202, 202b); and
send the encapsulated data packets (40, 40a) through the instantiated network tunnel
(232) to the intermediate egress point (202); and
a decapsulator (240) decapsulating the encapsulated data packets (40, 40a) at least
near the intermediate egress point (30);
wherein after decapsulating the encapsulated data packets (40a) at the decapsulator
(240), the connection manager (210) is configured to route the decapsulated data packets
(40) from the decapsulator (240) to the bound pre-selected egress point (202, 202b)
using the default network routing protocol.
10. The network system of claim 9, wherein the tunnel manager is configured to:
receive a tunnel end point advertisement (234) from a decapsulator (240) associated
with each pre-selected egress point (202); and
for each received tunnel endpoint advertisement (234), instantiate a network tunnel
(232) to the associated pre-selected egress point (202).
11. The network system of claim 9 or 10, wherein the tunnel manager is configured to:
receive a tunnel end point advertisement (234) from a decapsulator (240) associated
with each pre-selected egress point (202); and
for each received tunnel endpoint advertisement (234), configure the associated decapsulator
(240) to terminate encapsulated data packets (40, 40a) received through a network
tunnel (232).
12. The network system of any of claims 9-11, wherein the tunnel manager (230) is configured
to provide tunnel label information to the connection manager (210), the connection
manager (210) encapsulating the data packets (40) with the tunnel label information
(236), the tunnel label information (236) comprising at least one of a network tunnel
identifier (236a), a tunnel type (236b), and a pre-selected egress point identifier
(402).
13. The network system of any of claims 9-12, wherein the egress data source (220) stores
at least one performance factor (404) for association with at least one pre-selected
egress point (202), the performance factor (404) comprising at least one of latency
(PCm-1), bandwidth (PCm-2), cost (PCm-3), and usage (PCm-4).
14. The network system of any of claims 9-13, wherein the connection manager (210) sends
the data packets (40) received from the client connection (22) according to a default
network routing protocol when the egress data source (220) fails to provide an egress
point identifier (402) for the received client connection (22).
15. The network system of any of claims 9-14, wherein the pre-selected egress point (202)
comprises an egress router (204).
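The lookup, binding, encapsulation and fallback steps of claims 1 and 5-8, together with the decapsulator of claim 4, as an added sketch that is not code from the patent. Assumptions: the class and field names, the most-specific-prefix match, the 7-byte layout for the tunnel label information (236), latency as the only performance criterion, and the decapsulator rejecting tunnel identifiers it was not configured for are all choices made for this example.

```python
import ipaddress
import struct
from dataclasses import dataclass

# Assumed wire layout for tunnel label information (236):
# tunnel identifier (236a, 4 bytes), tunnel type (236b, 1 byte),
# egress point identifier (402, 2 bytes), network byte order.
LABEL = struct.Struct("!IBH")


@dataclass(frozen=True)
class EgressEntry:
    prefix: object      # ipaddress network: a /32 host or a subnetwork (306)
    egress_id: int      # egress point identifier (402)
    latency_ms: float   # performance factor (404), constructed value


class EgressDataSource:
    """Egress data source (220) keyed by IP address or subnetwork."""

    def __init__(self, entries):
        self.entries = list(entries)

    def lookup(self, dst, max_latency_ms=None):
        addr = ipaddress.ip_address(dst)
        hits = [e for e in self.entries
                if addr in e.prefix
                and (max_latency_ms is None or e.latency_ms <= max_latency_ms)]
        if not hits:
            return None
        # Assumption: the most specific prefix wins, lower latency breaks ties.
        return max(hits, key=lambda e: (e.prefix.prefixlen, -e.latency_ms))


class ConnectionManager:
    """Connection manager (210): bind to an egress point, then encapsulate."""

    def __init__(self, source, tunnels):
        self.source = source
        self.tunnels = tunnels   # egress_id -> (tunnel_id, tunnel_type)

    def forward(self, dst, payload, max_latency_ms=None):
        entry = self.source.lookup(dst, max_latency_ms)
        # Claim 8: no identifier from the data source means default routing.
        # Assumption: a missing tunnel for the identifier is treated the same.
        if entry is None or entry.egress_id not in self.tunnels:
            return ("default", payload)
        tunnel_id, tunnel_type = self.tunnels[entry.egress_id]
        label = LABEL.pack(tunnel_id, tunnel_type, entry.egress_id)
        return ("tunnel", label + payload)


class Decapsulator:
    """Decapsulator (240) near the intermediate egress point (30)."""

    def __init__(self, accepted_tunnel_ids):
        self.accepted = set(accepted_tunnel_ids)

    def decapsulate(self, frame):
        if len(frame) < LABEL.size:
            raise ValueError("frame shorter than tunnel label")
        tunnel_id, _tunnel_type, egress_id = LABEL.unpack_from(frame)
        # Only terminate tunnels this decapsulator was configured for.
        if tunnel_id not in self.accepted:
            raise ValueError("tunnel %d not configured here" % tunnel_id)
        # The inner packet is then routed to egress_id by the default protocol.
        return egress_id, frame[LABEL.size:]


# Constructed sample data (documentation address ranges).
SOURCE = EgressDataSource([
    EgressEntry(ipaddress.ip_network("198.51.100.0/24"), 2, 40.0),
    EgressEntry(ipaddress.ip_network("198.51.100.7/32"), 3, 90.0),
])
MANAGER = ConnectionManager(SOURCE, {2: (1001, 1), 3: (1002, 1)})
DECAP = Decapsulator({1001, 1002})

if __name__ == "__main__":
    for dst, limit in (("198.51.100.7", None), ("198.51.100.7", 50.0),
                       ("203.0.113.9", None)):
        mode, data = MANAGER.forward(dst, b"inner-packet", limit)
        result = DECAP.decapsulate(data) if mode == "tunnel" else data
        print(dst, limit, mode, result)
```

The fallback branch is the one to watch operationally: traffic that silently takes the default route bypasses whatever policy motivated the pre-selected egress point, so a deployment would count or log those decisions.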